Author: jleroux
Date: Thu May 9 09:21:20 2019
New Revision: 1858981
URL:
http://svn.apache.org/viewvc?rev=1858981&view=revLog:
"Applied fix from trunk for revision: 1858980 "
------------------------------------------------------------------------
r1858980 | jleroux | 2019-05-09 11:17:08 +0200 (jeu. 09 mai 2019) | 4 lignes
Fixed: OWASP sanitizer breaks proper rendering of HTML code
(OFBIZ-10187)
By default we now use a permissive sanitizer policy
------------------------------------------------------------------------
Modified:
ofbiz/ofbiz-framework/branches/release18.12/ (props changed)
ofbiz/ofbiz-framework/branches/release18.12/framework/base/config/owasp.properties
Propchange: ofbiz/ofbiz-framework/branches/release18.12/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu May 9 09:21:20 2019
@@ -10,4 +10,4 @@
/ofbiz/branches/json-integration-refactoring:1634077-1635900
/ofbiz/branches/multitenant20100310:921280-927264
/ofbiz/branches/release13.07:1547657
-/ofbiz/ofbiz-framework/trunk:1849931,1850015,1850023,1850530,1850647,1850685,1850694,1850711,1850914,1850918,1850921,1850948,1850953,1851006,1851013,1851068,1851074,1851130,1851158,1851200,1851224,1851247,1851254,1851315,1851319,1851350,1851353,1851433,1851500,1851805,1851885,1851998,1852503,1852587,1852818,1852882,1853070,1853109,1853691,1853745,1853750,1854306,1854457,1854683,1855078,1855083,1855287,1855371,1855403,1855488,1855492,1855497,1855501,1855898,1856212,1856405,1856455,1856459-1856460,1856484,1856598,1856610,1856613,1856617,1856667,1857088,1857099,1857152,1857154,1857173,1857180,1857213,1857392,1857617,1857692,1857813,1858035,1858092,1858180,1858250,1858256,1858275,1858319,1858347,1858432,1858444,1858483,1858523,1858539,1858965
+/ofbiz/ofbiz-framework/trunk:1849931,1850015,1850023,1850530,1850647,1850685,1850694,1850711,1850914,1850918,1850921,1850948,1850953,1851006,1851013,1851068,1851074,1851130,1851158,1851200,1851224,1851247,1851254,1851315,1851319,1851350,1851353,1851433,1851500,1851805,1851885,1851998,1852503,1852587,1852818,1852882,1853070,1853109,1853691,1853745,1853750,1854306,1854457,1854683,1855078,1855083,1855287,1855371,1855403,1855488,1855492,1855497,1855501,1855898,1856212,1856405,1856455,1856459-1856460,1856484,1856598,1856610,1856613,1856617,1856667,1857088,1857099,1857152,1857154,1857173,1857180,1857213,1857392,1857617,1857692,1857813,1858035,1858092,1858180,1858250,1858256,1858275,1858319,1858347,1858432,1858444,1858483,1858523,1858539,1858965,1858980
Modified: ofbiz/ofbiz-framework/branches/release18.12/framework/base/config/owasp.properties
URL:
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release18.12/framework/base/config/owasp.properties?rev=1858981&r1=1858980&r2=1858981&view=diff==============================================================================
--- ofbiz/ofbiz-framework/branches/release18.12/framework/base/config/owasp.properties (original)
+++ ofbiz/ofbiz-framework/branches/release18.12/framework/base/config/owasp.properties Thu May 9 09:21:20 2019
@@ -21,10 +21,11 @@
# OFBiz OWASP properties File
https://www.owasp.org/index.php/Main_Page ####
-# Should we use a permissive sanitizer policy? False By default!
-# This has a slightly impact on the code rendered, see last comments in OFBIZ-6669.
+# By default we use a permissive sanitizer policy
+# This has a slight impact on the code rendered, see last comments in OFBIZ-6669.
# Given as an example based on rendering cmssite, as it was before using the sanitizer.
-# You might even want to adapt the PERMISSIVE_POLICY to your needs... Be sure to check
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet before...
+# You might even want to adapt the PERMISSIVE_POLICY to your needs.
+# Be sure to check
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet before...
# Use sanitizer.permissive.policy=CUSTOM to use your custom PolicyFactory
sanitizer.enable=true
Locked
